Friday, September 4, 2015

Cisco Webex Meetings Server CWMS 2 Error 23 Troubleshooting

Cisco Webex Meetings Server, aka CWMS, is sometimes a little bit picky about certificates. If you get the following error message whilst trying to access the CWMS site, it usually indicates a problem with your certificate store:

"Setup was unsuccessful.Please try again [Error 23]"

You can try to capture the Webex logs via wbxtracer, and you will probably find an error 0x800B010A in it.
I couldn't find anything useful on the internet, except for the fact that it is a certificate chain problem. So I decided to publish the fix here. Hopefully it saves somebody's day ...

Error 23 means IDS_SECURITY_TAMPERED. It means there is something wrong with the integrity check of a (Webex .dll) file.
Most typically this means there could be a problem with any certificate in the certificate path used to verify the digital signature on the file.

In my case, the issue is related to a missing intermediate signing certificate from Verisign (which is used to verify the digital signature of Webex .dll files).

The fix is to download the certificate manually and install it as Intermediate CA certificate on affected PCs.
This is the link to download the relevant certificate from VeriSign:
https://knowledge.verisign.com/library/VERISIGN/ALL_OTHER/Certificates/Code2010/VeriSign_Class_3_Code_Signing_2010_CA.cer
If you use another CA / certificate, go and check their homepage.

Resolution Summary:

1. Download certificate to affected PC(s): https://knowledge.verisign.com/library/VERISIGN/ALL_OTHER/Certificates/Code2010/VeriSign_Class_3_Code_Signing_2010_CA.cer
2. From within IE, open the "Internet Options" dialog box and under "Content" click on "Certificates".
3. Import the certificate into the "Intermediate Certificate Authorities" trust store.
4. Happy conferencing ;-)

Saturday, March 7, 2015

Edit Licence MAC on CUCM / CUPS / UCNX / UCCX

This works at least from UC version 8.x onwards.

To get access to the LicenseMac.sh file, you first need root access on your system.
Have a look here: http://uc-b.blogspot.de/2015/03/step-by-step-guide-to-root-access-via.html
When your system is rooted, ssh to it as root.

Fire up vim at LicenseMac.sh:
vim /usr/local/bin/base_scripts/LicenseMac.sh

Search for "FinalString=" by entering "/FinalString=" in vim. Mine popped up at line 155. Might be different in your system.

Edit the string to match your license mac.
FinalString="deadbeafdead"

Watch out! The original line has single quotes. We have to use double quotes to make this work. Otherwise your license field in "show status" might end up empty.

Reboot. Done.

Step By Step Guide To Root Access Via SSH On UCCX 10.6

We will do this by booting the VM with a Red Hat CentOS ISO image. Then we modify some parameters and, after one reboot, end up with a rooted UCCX system. This guide is also valid for CUCM / CUPS / UCXN. Supported version for this to work is at least 9.x to 10.x. I guess 8.6 should work also.

This guide will walk you through the rooting process of a UCCX 10.6 system. With the 10.x release Cisco switched from a 32-bit Linux to a 64-bit Linux. So, when you are on a pre-10.x system, you need a 32-bit version of CentOS. If you are at least on version 10.x, you need the 64-bit version.

I use these:
32bit  http://isoredirect.centos.org/centos/5/isos/i386/
64bit  http://isoredirect.centos.org/centos/6/isos/x86_64/



Things needed for the rooting process of UCCX 10.6:
  • Running Cisco UCCX 10.6 System
  • CentOS-6.6-x86_64-bin-DVD1.iso or equivalent.
  • 15-30 min of time to spend on this

I'm showing this on a VMware Workstation 7.1 host. Other VMware versions might/will show a different menu. If you are going to do this, you will be able to figure out where to find the relevant checkboxes. ;-)

I suggest taking a snapshot of the system before we begin.

We start by opening the settings window of our UCCX machine. There we map our DVD drive to the CentOS ISO image. Check that it will connect on power on.



Then we open the VMX file of your UCCX machine and enter an additional line:

bios.bootDelay = "7000"

When we start the UCCX system, this will give us a 7 sec delay to press ESC in the boot process, which brings us to the boot menu:


Select "CD-ROM Drive" and press enter.


Select "Rescue installed system".



Select "English".



I prefer to leave it at "us". If you are using a non us keyboard this might be a little bit awkward if you are not used to this.


No need for a network here.


Select "Continue".



This can be a little bit tricky. Choose your active partition. Easy guess here because I came from 9.02 (ver5) to 10.6 (ver6). So it has to be the sda1 partition.


Select "OK".



Select "OK".



Select "Shell".


If you get an error reporting that /mnt/sysimage was mounted read only, you can fix it with:

mount -o rw,remount /mnt/sysimage

After checking /mnt/sysimage is mounted as rw you change your root to the mounted, hopefully active, partition:

bash-4.1# chroot /mnt/sysimage
sh-4.1#

Now we can start editing the system's config for root access via SSH.

Remove securetty to get rid of TTY restrictions:
sh-4.1# rm /etc/securetty

Set a password for root. Because this is only a lab system you can use a simple password and ignore the warning.
sh-4.1# passwd root
Changing password for user root.
New password:
BAD PASSWORD: it is too short
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
sh-4.1#


Assign a shell to the root user:
sh-4.1# vim /etc/passwd
Replace “root:x:0:0:root:/root:/sbin/nologin” with “root:x:0:0:root:/root:/bin/bash”.

Quit and save.

Allow root login via SSH:
sh-4.1# vim /etc/ssh/sshd_config
Add the line “PermitRootLogin yes”.
This one is write protected. So quit by using :wq!.

Set SELinux to permissive:
sh-4.1# vim /etc/selinux/config
Replace “SELINUX=enforcing” with “SELINUX=permissive”.
Quit and save.

Reboot the system to verify successful root access.
sh-4.1# reboot

When the reboot is finished try to ssh to the UCCX system. You should be prompted with this:

login as: root
root@172.20.23.250's password:
Send automatic password
Last login: Fri Mar  6 19:56:49 2015 from 172.20.23.3
[root@LABUCCX ~]#


There we are. Success! This is intended only for use in lab environments! Don't use this in production environments.
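
As an added example (not part of the original post), the shell function below reports which of the four changes from the chroot steps above are present under a system root, which is a quick way to confirm that a production appliance has not been modified this way or that a lab image has. The function names `audit_root_access` and `make_sample_root`, the finding labels and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: report which of the four
# changes made in the chroot steps are present under a system root.
# Usage: audit_root_access ROOT   (ROOT="" audits the running system)
audit_root_access() {
    root="$1"
    findings=""
    # 1. /etc/securetty deleted: root is no longer limited to listed TTYs
    if [ ! -e "$root/etc/securetty" ]; then
        findings="$findings securetty-missing"
    fi
    # 2. root's login shell (7th passwd field) is a real shell
    shell=$(awk -F: '$1 == "root" { print $7; exit }' "$root/etc/passwd" 2>/dev/null || true)
    case "$shell" in
        ""|*/nologin|*/false) ;;
        *) findings="$findings root-shell=$shell" ;;
    esac
    # 3. any uncommented "PermitRootLogin yes" line in sshd_config
    if grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+yes' "$root/etc/ssh/sshd_config" 2>/dev/null; then
        findings="$findings permit-root-login"
    fi
    # 4. SELinux configured as anything other than enforcing
    if ! grep -Eq '^[[:space:]]*SELINUX=enforcing' "$root/etc/selinux/config" 2>/dev/null; then
        findings="$findings selinux-not-enforcing"
    fi
    echo "${findings# }"
}

# Build a constructed sample tree: "stock" (locked down) or "modified".
make_sample_root() {
    mkdir -p "$1/etc/ssh" "$1/etc/selinux"
    if [ "$2" = "modified" ]; then
        echo 'root:x:0:0:root:/root:/bin/bash' > "$1/etc/passwd"
        echo 'PermitRootLogin yes' > "$1/etc/ssh/sshd_config"
        echo 'SELINUX=permissive' > "$1/etc/selinux/config"
    else
        echo 'root:x:0:0:root:/root:/sbin/nologin' > "$1/etc/passwd"
        echo 'PermitRootLogin no' > "$1/etc/ssh/sshd_config"
        echo 'SELINUX=enforcing' > "$1/etc/selinux/config"
        echo 'tty1' > "$1/etc/securetty"
    fi
}

# Demo on a constructed "modified" tree; prints all four findings.
demo=$(mktemp -d)
make_sample_root "$demo" modified
audit_root_access "$demo"
rm -rf "$demo"
```

From a rescue shell, the mounted system is checked with `audit_root_access /mnt/sysimage`; an empty result means none of the four changes were found.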

For those not familiar with the VIM editor there are some good tutorials online. This one has the important stuff covered: http://vim.wikia.com/wiki/Tutorial

In short:
/FindMe        Search for pattern FindMe. Caution! This is case sensitive.
    n          Next hit
    N          Previous hit
To edit a file press i. This will bring you to the insert mode. Now you can insert and delete text.
When you are done press ESC to leave insert mode.
:q!            To quit without saving. You lose the changes made.
:wq            To save and close the file.
:wq!           To save and close the file. Even if it is flagged as read only.